authorGravatar Vitaly Takmazov2017-03-29 14:11:46 +0300
committerGravatar Vitaly Takmazov2017-03-29 14:11:46 +0300
commit9f770c26d1e4f392d591bf35886e3dcc7371d64f (patch)
tree5fccb22b5c01b40d81a111de61e5fbf27f55a18f /juick-www/src/main/java/com/juick/www
parent889a5e543d33e3305bccd77e52722da695e068f7 (diff)
juick-www: Spring Security
Diffstat (limited to 'juick-www/src/main/java/com/juick/www')
-rw-r--r--juick-www/src/main/java/com/juick/www/WebApp.java17
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java63
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java3
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java20
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Help.java3
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Home.java3
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Login.java44
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/NewMessage.java9
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/PM.java7
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Settings.java4
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/SignUp.java5
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Tags.java3
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/User.java9
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/UserThread.java3
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/XMPPPost.java3
15 files changed, 116 insertions, 80 deletions
diff --git a/juick-www/src/main/java/com/juick/www/WebApp.java b/juick-www/src/main/java/com/juick/www/WebApp.java
index 2d95cb85a..72eb3fbca 100644
--- a/juick-www/src/main/java/com/juick/www/WebApp.java
+++ b/juick-www/src/main/java/com/juick/www/WebApp.java
@@ -19,7 +19,6 @@ package com.juick.www;
import com.juick.Message;
import com.juick.Tag;
-import com.juick.User;
import com.juick.service.TagService;
import com.juick.service.UserService;
import com.juick.www.controllers.PageTemplates;
@@ -36,8 +35,6 @@ import rocks.xmpp.core.session.XmppSessionConfiguration;
import rocks.xmpp.core.session.debug.LogbackDebugger;
import rocks.xmpp.extensions.component.accept.ExternalComponent;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -103,20 +100,6 @@ public class WebApp implements AutoCloseable {
return xmpp;
}
-
- public com.juick.User getVisitorUser(HttpServletRequest request, HttpServletResponse response) {
- String hash = Utils.getCookie(request, "hash");
- if (hash != null) {
- com.juick.User visitor = userService.getUserByHash(hash);
- if (response != null && visitor.getUid() > 0) {
- response.setHeader("X-Username", visitor.getName());
- }
- return visitor;
- } else {
- return new User();
- }
- }
-
public String getImgDir() {
return imgDir;
}
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
new file mode 100644
index 000000000..9d603da89
--- /dev/null
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -0,0 +1,63 @@
+package com.juick.www.configuration;
+
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.env.Environment;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+import javax.annotation.Resource;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Resource
+ private Environment env;
+ @Resource
+ private UserService userService;
+
+ @Bean("userDetailsService")
+ @Override
+ public UserDetailsService userDetailsServiceBean() throws Exception {
+ return new JuickUserDetailsService(userService);
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/settings", "/pm/**").authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
+ .and()
+ .sessionManagement().invalidSessionUrl("/")
+ .and()
+ .logout().invalidateHttpSession(true).logoutUrl("/logout").logoutSuccessUrl("/")
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .permitAll()
+ .defaultSuccessUrl("/")
+ .loginProcessingUrl("/login")
+ .usernameParameter("username")
+ .passwordParameter("password")
+ .failureUrl("/login-error")
+ .and()
+ .rememberMe()
+ .tokenValiditySeconds(6 * 30 * 24 * 3600)
+ .alwaysRemember(true)
+ //.useSecureCookie(true) // TODO Enable if https is supports
+ .rememberMeCookieDomain(env.getProperty("web_domain", "juick.com"))
+ .userDetailsService(userDetailsServiceBean())
+ .key(env.getProperty("auth_remember_me_key"))
+ .and()
+ .csrf().disable();
+ }
+}
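Review bot: `.csrf().disable()` at the end of configure leaves every state-changing POST route this module serves (`/post`, `/pm/send`, `/like`, `/settings`) open to cross-site requests, and `alwaysRemember(true)` with a six-month `tokenValiditySeconds` means a browser stays authenticated long enough for that to matter. Keep the protection on and add the `_csrf` hidden field to the form templates; if a specific non-browser endpoint must be exempt, scope it with `.csrf().ignoringAntMatchers("/that-path")` rather than disabling globally. Separately, `.key(env.getProperty("auth_remember_me_key"))` passes null when the property is unset, which as far as I recall of RememberMeConfigurer silently falls back to a per-startup random key; `.key(env.getRequiredProperty("auth_remember_me_key"))` fails fast at startup instead. The `//.useSecureCookie(true)` TODO should be tracked alongside the HTTPS rollout, since until then the remember-me token travels over plain HTTP.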
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
index 204d8c6c2..138c71217 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WwwInitializer.java
@@ -21,7 +21,8 @@ public class WwwInitializer extends AbstractAnnotationConfigDispatcherServletIni
WwwAppConfiguration.class,
DataConfiguration.class,
SearchConfiguration.class,
- SapeConfiguration.class
+ SapeConfiguration.class,
+ WebSecurityConfig.class
};
}
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
new file mode 100644
index 000000000..0ea8c9076
--- /dev/null
+++ b/juick-www/src/main/java/com/juick/www/configuration/WwwSecurityInitializer.java
@@ -0,0 +1,20 @@
+package com.juick.www.configuration;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+import javax.servlet.ServletContext;
+
+public class WwwSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+ private final Logger logger = LoggerFactory.getLogger(getClass());
+
+ @Override
+ protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
+ logger.info("SpringSecurityFilterChain initialized");
+ }
+}
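Review bot: The "Created by" Javadoc block sits between the package statement and the imports, so it is not attached to `WwwSecurityInitializer` and javadoc will ignore it; move it directly above the class declaration. The logger would also conventionally be `private static final Logger logger = LoggerFactory.getLogger(WwwSecurityInitializer.class);` rather than an instance field resolved through `getClass()`.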
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Help.java b/juick-www/src/main/java/com/juick/www/controllers/Help.java
index 361d5efc8..8256b4be6 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Help.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Help.java
@@ -2,6 +2,7 @@ package com.juick.www.controllers;
import com.juick.server.util.HttpNotFoundException;
import com.juick.service.MessagesService;
+import com.juick.util.UserUtils;
import com.juick.www.HelpService;
import com.juick.www.WebApp;
import org.springframework.stereotype.Controller;
@@ -39,7 +40,7 @@ public class Help {
@PathVariable("page") Optional<String> pageParam,
@PathVariable("langOrPage") Optional<String> langOrPageParam,
Model model) throws IOException, URISyntaxException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
String page = pageParam.orElse("index");
String lang = langParam.orElse(locale.getLanguage());
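Review bot: The `visitor.getUid() > 0` / `== 0` checks that follow `UserUtils.getCurrentUser()` in this hunk and in the sibling hunks (Home, Login, NewMessage, PM, Settings, SignUp, Tags, User, UserThread, XMPPPost) now depend on the helper returning a `com.juick.User` with uid 0 for an unauthenticated request; UserUtils is not part of this diff, so please confirm it maps the `JuickUser.ANONYMOUS_USER` principal configured in WebSecurityConfig to such a user rather than returning null, which would turn every anonymous page view into a NullPointerException. A short Javadoc on `UserUtils.getCurrentUser()` stating that contract, e.g. `Returns the authenticated user, or a User with uid 0 for anonymous requests; never null.`, would make the assumption explicit for the controllers. The enclosing doGet method starts before this hunk.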
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Home.java b/juick-www/src/main/java/com/juick/www/controllers/Home.java
index 405a4bd62..4f597d5a2 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Home.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Home.java
@@ -20,6 +20,7 @@ package com.juick.www.controllers;
import com.juick.service.AdsService;
import com.juick.service.MessagesService;
import com.juick.service.UserService;
+import com.juick.util.UserUtils;
import com.juick.util.WebUtils;
import com.juick.www.Utils;
import com.juick.www.WebApp;
@@ -100,7 +101,7 @@ public class Home {
if (tag != null) {
Utils.sendPermanentRedirect(response, "/tag/" + URLEncoder.encode(tag, CharEncoding.UTF_8));
}
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
int paramBefore = NumberUtils.toInt(request.getParameter("before"), 0);
String paramSearch = request.getParameter("search");
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Login.java b/juick-www/src/main/java/com/juick/www/controllers/Login.java
index c9056f229..2d41d9b46 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Login.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Login.java
@@ -18,6 +18,7 @@
package com.juick.www.controllers;
import com.juick.service.UserService;
+import com.juick.util.UserUtils;
import com.juick.www.Utils;
import com.juick.www.WebApp;
import org.springframework.stereotype.Controller;
@@ -60,7 +61,7 @@ public class Login {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
}
}
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() > 0) {
Utils.sendTemporaryRedirect(response, "/");
return;
@@ -209,45 +210,4 @@ public class Login {
out.println("</html>");
}
}
-
- @RequestMapping(value = "/login", method = RequestMethod.POST)
- protected void doPostLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
- String username = request.getParameter("username");
- String password = request.getParameter("password");
- if (username == null || password == null || username.length() > 32 || password.isEmpty()) {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return;
- }
-
- int uid = userService.checkPassword(username, password);
- if (uid > 0) {
- String hash = userService.getHashByUID(uid);
- Cookie c = new Cookie("hash", hash);
- c.setMaxAge(365 * 24 * 60 * 60);
- response.addCookie(c);
-
- String referer = request.getHeader("Referer");
- if (referer != null && referer.startsWith("http://juick.com/") && !referer.equals("http://juick.com/login")) {
- response.sendRedirect(referer);
- } else {
- response.sendRedirect("/");
- }
- } else {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- }
- }
-
- @RequestMapping(value = "/logout", method = RequestMethod.GET)
- protected void doGetLogout(HttpServletRequest request, HttpServletResponse response) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
- if (visitor.getUid() > 0) {
- userService.logout(visitor.getUid());
- }
-
- Cookie c2 = new Cookie("hash", "-");
- c2.setMaxAge(0);
- response.addCookie(c2);
-
- response.sendRedirect("/");
- }
}
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
index 1993737bf..fcd277109 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
@@ -22,6 +22,7 @@ import com.juick.server.helpers.TagStats;
import com.juick.server.util.HttpBadRequestException;
import com.juick.server.util.HttpUtils;
import com.juick.service.*;
+import com.juick.util.UserUtils;
import com.juick.www.Utils;
import com.juick.www.WebApp;
import org.apache.commons.io.FilenameUtils;
@@ -87,7 +88,7 @@ public class NewMessage {
@RequestMapping(value = "/post", method = RequestMethod.GET)
protected void doGetNewMessage(HttpServletRequest request, HttpServletResponse response) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
Utils.sendTemporaryRedirect(response, "/login");
return;
@@ -184,7 +185,7 @@ public class NewMessage {
public void doPostMessage(HttpServletRequest request, HttpServletResponse response,
@RequestParam(required = false) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
@@ -317,7 +318,7 @@ public class NewMessage {
public void doPostComment(HttpServletRequest request, HttpServletResponse response,
@RequestParam(required = false) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
@@ -433,7 +434,7 @@ public class NewMessage {
@RequestMapping(value = "/like", method = RequestMethod.POST)
public void doPostRecomm(HttpServletRequest request, HttpServletResponse response) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
diff --git a/juick-www/src/main/java/com/juick/www/controllers/PM.java b/juick-www/src/main/java/com/juick/www/controllers/PM.java
index 028feabcc..9cc29129c 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/PM.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/PM.java
@@ -22,6 +22,7 @@ import com.juick.service.PMQueriesService;
import com.juick.service.TagService;
import com.juick.service.UserService;
import com.juick.util.MessageUtils;
+import com.juick.util.UserUtils;
import com.juick.util.WebUtils;
import com.juick.www.Utils;
import com.juick.www.WebApp;
@@ -62,7 +63,7 @@ public class PM {
@RequestMapping(value = "/pm/inbox", method = RequestMethod.GET)
protected String doGetInbox(HttpServletRequest request, HttpServletResponse response, ModelMap model) {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
Utils.sendTemporaryRedirect(response, "/login");
}
@@ -79,7 +80,7 @@ public class PM {
@RequestMapping(value = "/pm/sent", method = RequestMethod.GET)
protected String doGetSent(HttpServletRequest request, HttpServletResponse response, ModelMap model) {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
Utils.sendTemporaryRedirect(response, "/login");
}
@@ -102,7 +103,7 @@ public class PM {
@RequestMapping(value = "/pm/send", method = RequestMethod.POST)
public void doPostPM(HttpServletRequest request, HttpServletResponse response) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0 || visitor.isBanned()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Settings.java b/juick-www/src/main/java/com/juick/www/controllers/Settings.java
index 053a014e7..43215c622 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Settings.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Settings.java
@@ -86,7 +86,7 @@ public class Settings {
@RequestMapping(value = "/settings", method = RequestMethod.GET)
protected String doGet(HttpServletRequest request, HttpServletResponse response, ModelMap model) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
response.sendRedirect("/login");
}
@@ -129,7 +129,7 @@ public class Settings {
@RequestParam(required = false) MultipartFile avatar,
ModelMap model)
throws IOException, ServletException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0) {
throw new HttpBadRequestException();
}
diff --git a/juick-www/src/main/java/com/juick/www/controllers/SignUp.java b/juick-www/src/main/java/com/juick/www/controllers/SignUp.java
index ad1482650..4c20e5133 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/SignUp.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/SignUp.java
@@ -22,6 +22,7 @@ import com.juick.server.util.HttpForbiddenException;
import com.juick.service.CrosspostService;
import com.juick.service.MessagesService;
import com.juick.service.UserService;
+import com.juick.util.UserUtils;
import com.juick.www.Utils;
import com.juick.www.WebApp;
import org.springframework.stereotype.Controller;
@@ -53,7 +54,7 @@ public class SignUp {
@RequestMapping(value = "/signup", method = RequestMethod.GET)
protected String doGet(HttpServletRequest request, HttpServletResponse response, ModelMap model) {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
String type = request.getParameter("type");
String hash = request.getParameter("hash");
@@ -92,7 +93,7 @@ public class SignUp {
@RequestMapping(value = "/signup", method = RequestMethod.POST)
protected String doPost(HttpServletRequest request, HttpServletResponse response) {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
int uid = 0;
String type = request.getParameter("type");
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Tags.java b/juick-www/src/main/java/com/juick/www/controllers/Tags.java
index 738131796..a0682a450 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Tags.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Tags.java
@@ -20,6 +20,7 @@ package com.juick.www.controllers;
import com.juick.service.AdsService;
import com.juick.service.MessagesService;
import com.juick.service.TagService;
+import com.juick.util.UserUtils;
import com.juick.www.Utils;
import com.juick.www.WebApp;
import org.apache.commons.lang3.CharEncoding;
@@ -61,7 +62,7 @@ public class Tags {
@PathVariable String tagName,
@RequestParam(required = false, defaultValue = "0") int before,
HttpServletResponse response) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
String paramTagStr = StringEscapeUtils.unescapeHtml4(tagName);
com.juick.Tag paramTag = tagService.getTag(paramTagStr, false);
diff --git a/juick-www/src/main/java/com/juick/www/controllers/User.java b/juick-www/src/main/java/com/juick/www/controllers/User.java
index e84c8913b..28a912987 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/User.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/User.java
@@ -21,6 +21,7 @@ import com.juick.server.helpers.TagStats;
import com.juick.service.MessagesService;
import com.juick.service.TagService;
import com.juick.service.UserService;
+import com.juick.util.UserUtils;
import com.juick.www.Utils;
import com.juick.www.WebApp;
import org.apache.commons.lang3.CharEncoding;
@@ -66,7 +67,7 @@ public class User {
@PathVariable String uname,
@RequestParam(required = false, defaultValue = "0") Integer before) throws IOException {
com.juick.User user = userService.getUserByName(uname);
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (user.isBanned()) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
@@ -180,7 +181,7 @@ public class User {
protected void doGetTags(HttpServletRequest request, HttpServletResponse response,
@PathVariable String uname) throws IOException {
com.juick.User user = userService.getUserByName(uname);
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.isBanned()) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
@@ -206,7 +207,7 @@ public class User {
protected void doGetFriends(HttpServletRequest request, HttpServletResponse response,
@PathVariable String uname) throws ServletException, IOException {
com.juick.User user = userService.getUserByName(uname);
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.isBanned()) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
@@ -244,7 +245,7 @@ public class User {
protected void doGetReaders(HttpServletRequest request, HttpServletResponse response,
@PathVariable String uname) throws ServletException, IOException {
com.juick.User user = userService.getUserByName(uname);
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.isBanned()) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
diff --git a/juick-www/src/main/java/com/juick/www/controllers/UserThread.java b/juick-www/src/main/java/com/juick/www/controllers/UserThread.java
index 7d3894a8d..27788d9b7 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/UserThread.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/UserThread.java
@@ -24,6 +24,7 @@ import com.juick.service.MessagesService;
import com.juick.service.TagService;
import com.juick.service.UserService;
import com.juick.util.MessageUtils;
+import com.juick.util.UserUtils;
import com.juick.www.WebApp;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@@ -64,7 +65,7 @@ public class UserThread {
protected void doGetThread(HttpServletRequest request, HttpServletResponse response,
@PathVariable String uname,
@PathVariable int mid) throws ServletException, IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (!messagesService.canViewThread(mid, visitor.getUid())) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
diff --git a/juick-www/src/main/java/com/juick/www/controllers/XMPPPost.java b/juick-www/src/main/java/com/juick/www/controllers/XMPPPost.java
index f64907b28..f4b8717ab 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/XMPPPost.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/XMPPPost.java
@@ -3,6 +3,7 @@ package com.juick.www.controllers;
import com.juick.server.util.HttpBadRequestException;
import com.juick.server.util.HttpUtils;
import com.juick.service.TagService;
+import com.juick.util.UserUtils;
import com.juick.www.WebApp;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
@@ -41,7 +42,7 @@ public class XMPPPost {
@RequestParam(required = false) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
- com.juick.User visitor = webApp.getVisitorUser(request, response);
+ com.juick.User visitor = UserUtils.getCurrentUser();
if (visitor.getUid() == 0 || visitor.isBanned()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;